VPN

24K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


I have a Cisco 890 Router that is connected to a broadband connection. Internet is up, all services appear to be operational. There is a VPN tunnel to a smaller office in town that shares the internet with the device. We have a scale that just got installed. This scale is on the IP address 192.168.35.115.
I can ping it from the router, and I can telnet to it on port 4660 on the internal LAN. When I go to set up a rule that would allow any IP to telnet to the port from the internet, it doesn't appear to be routing.

ip nat inside source static tcp 192.168.35.115 4660 interface Dialer1 4660
access-list 106 permit tcp any any eq 4660

Those are the commands I typed in to allow the traffic on port 4660 through the WAN interface.
Are there any other commands I need to type to allow the traffic to route?

I had this question after viewing LDAP assigned VPN polices in ASA firewalls with multiple user groups.

I had this set up via LDAP and wanted to move to RADIUS

Without trying to return a class as per the solution in the last question it works fine. But as soon as I return a class it fails?

The class is returned as part of the response

Parsed packet data.....
Radius: Code = 2 (0x02)
Radius: Identifier = 175 (0xAF)
Radius: Length = 139 (0x008B)
Radius: Vector: 01A2231F0C2570CD254908D9560CFE4B
Radius: Type = 25 (0x19) Class
Radius: Length = 18 (0x12)
Radius: Value (String) =
6f 75 3d 49 54 2d 56 50 4e 2d 50 6f 6c 69 63 79    |  ou=<policy name>
Radius: Type = 6 (0x06) Service-Type
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x2
Radius: Type = 25 (0x19) Class
Radius: Length = 46 (0x2E)
Radius: Value (String) =
e0 4b 0b 66 00 00 01 37 00 01 02 00 c0 a8 b9 64    |  .K.f...7.......d
00 00 00 00 80 a3 32 b4 9c 4f c2 44 01 d4 91 f9    |  ......2..O.D....
24 e5 bd 7b 00 00 00 00 00 00 09 02                |  $..{........
Radius: Type = 26 (0x1A) Vendor-Specific
Radius: Length = 25 (0x19)
Radius: Vendor ID = 9 (0x00000009)
Radius: Type = 1 (0x01) Cisco-AV-pair
Radius: Length = 19 (0x13)
Radius: Value (String) =
73 68 65 6c 6c 3a 70 72 69 76 2d 6c 76 6c 3d 31    |  shell:priv-lvl=1
35                                            

I have a SonicWall SMA 200 VPN appliance that accepts client connections on port 443.

If I access my VPN address (vpn.company.com) using a browser, there is a portal login page (see attached image).

Login page
Can I disable this external login web page?  If so, how?

I only want the SonicWall VPN client app to be able to connect to vpn.company.com.  I do not want a login web page publicly visible.
User would like to watch Netflix while they are in Spain.

Do they need a VPN connection for that?   If so, what would be a good product for Mac OS?  They have Mojave.


Thanks
Hello All,

I have a new Server 2016 system that I have set up as a DC. This will be a new server taking over for an old SBS 2011 system being decommissioned. I am logged in as a domain admin but can't get Remote Access for VPN to install. It keeps saying that the server needs to be restarted to finish the install but it won't finish. It does the same thing each time I try to install the role. I can install the snap-in and turn on RRAS and I can set up the VPN that way but I don't know if it really is setting everything up correctly. I can't test yet since the SBS Server is still the VPN host and I want to make sure this is set up before I turn that one off. I have done this on other Server 2016 systems with no problem so I don't know what is missing here.

Regards,

Rob
I'm attempting to set up a secure VPN connection into my office for a remote worker.
I have a Draytek 2960 and the remote PC is Windows 10 Pro.

How to establish IKEv2 EAP from macOS/iOS/Windows
I have followed through these instructions several times but I get the error when I try to connect. I know it refers to a Draytek 3900 but I think (hope) it's very similar to a 2960 - it looks like it is.
Connection error
I don't know what it means.
I have a Dell Sonicwall NSA 3600 and would like to create a VPN tunnel to be used with all users that remote in to our Remote Desktop Server.

I don't know how to configure the secure VPN on the Sonicwall and have the VPN point to our Server 2008 Remote Desktop Server and have them sign in to their Remote Desktop Connection on the Remote Desktop Server.

I'm not sure how to go about this.  

Any help with this will be appreciated.
Hi all,

I'm looking for "firewall" software which I can install on my Windows 2008 server so clients can securely connect to this server.
Is this possible, and which is a trustworthy vendor for this? I know I can also use the built-in but more and more systems like Apple do not really support it anymore, and because this server is behind a shared connection a hardware firewall is not possible.

Thanks for your advice in this matter.

Best regards
Hi All,

I recently upgraded our Cisco ASA 5545 to version 9.9(2)36.  Since the upgrade we are not able to transfer files to/from our Azure tenants via the site to site vpn we have setup.  Here is an example:  

Local Server: 10.1.1.151
Azure server: 10.211.20.100

We can ping both ways fine, but file transfers are failing. It just hangs when I try a transfer. In the monitoring I am seeing TCP Reset-I from inside. Could this be the reason the file transfers are failing? If so, does anybody have any idea how to remedy that reset?

Jan 08 2019      08:25:33      302014      10.211.20.100      445      10.1.1.151      51178      Teardown TCP connection 38499637 for outside:10.211.20.100/445 to inside:10.1.1.151/51178 duration 0:05:53 bytes 5384 TCP Reset-I from inside

Thanks in advance.
Dear Experts

I have my servers running in a housing center; all of them are virtual, protected by a pfSense firewall. Directly on this firewall I created OpenVPN, created certificates, created users and distributed client software.

Now I am sitting in my home office with my wife. We have exactly the same configuration of workstation computers, but while I can see no restarts since 8 a.m. in the morning when I connect to OpenVPN, her VPN client is full of restarts, maybe every 5-10 minutes.

Her restarts are initiated by this command (client side)
[ovpn.chubbable.com] Inactivity timeout (--ping-restart), restarting



Do you have any idea why? And how to troubleshoot problem?

Many thanks

Vladimir

Cisco site to site bridge.  

I have a remote site that has a Cisco 867VAE on ADSL and I can telnet to it.  They use it for internet access.  

I have a Cisco 2851 at my site (and a shelf full of other ethernet and DSL routers in case this one is not adequate) providing ethernet access for my site.  

I need to access a device at the remote site (preferably without taking down Internet access for more than a few minutes). This device does not have a gateway configured, so I can't simply port forward to it or configure a site to site GRE tunnel (as either would require a gateway or route on the device in question).

So I decided to do a transparent bridge.

All the examples I can find say that a router can either route or bridge, but not both.  I don't believe that this is a real limitation.  After thinking about it, I want to set up a sub interface on the destination router that will bridge to a router at my site.  Presumably, this will involve creating a site to site VPN and attaching it to a bridge group.  

Can someone please help me achieve my goal - either using the method I have described - or a totally different method.  

I have remote access to configure the remote router.  I have no access to the device in question.  Physical access to the device or remote site is not possible.  There are no computers at the remote site that I can say, TeamViewer to and then connect locally to the device.  

thanks

John
I'm running Access Anywhere on Server 2016 Essentials. The remote web access works perfectly, no issue there. The VPN is an issue. The VPN connects easily to the server, however the client computer is unable to access any shared folders on the server. It's as if the client connects to the server via the VPN, but can't see anything once it's connected. Just as an FYI, I am the owner of a small company and wear many hats. IT is one of them, however I am not proficient with the server. I may need details on how to gather any information that is needed to resolve this issue.

Thanks!
I VPN into work and then from there occasionally remote into a network server. I can easily copy files back and forth from the remote server to my local directory on my laptop. This works great for most files, however right now I have a file which is very large. When I try to copy that file from the network server to my local drive, I am informed that the approximate time to copy the file is two hours long. Well the file never copies, because after about 30 minutes the connection seems to time out, and the file is not copied. Our server currently is not set up for ftp file transfer, so I am wondering how I can copy the file over. Does anyone have any ideas? A
hi all,

is this possible.

network 1 - 10.3.3.0
network 2 - 192.168.50.0

they are connected via VPN. all traffic is flowing nicely apart from the phones.

the client has bought a VoIP phone system which needs to be on the same subnet, is it possible to 'trick' the 192 network to have a 1x 10.3.3.0 IP address on its network so that the phones can talk back to the phone system? And then to have the routing on the routers to move the traffic correctly.

Thanks
Gareth
Stream radio from UAE
I would like to listen to this radio stream from this website on my Android phone
https://www.radio4fm.com/player/

but it's geo-locked to UAE only. Is there any way I can listen to this from Canada for free, or any cheap method?

Thanks,
Hello looking for some experts to provide some feedback on an odd issue I'm trying to pin down.

Laptop - on board Verizon SIM - VPN SW Client back to office* - Able to ping resource on local office LAN by IP and Name and also 182.13.x.x traffic by IP and Name
*Note: Also a vendor specific router off in-office firewall interface that certain and all 182.13.x.x data gets routed to/through.

Connection via on board SIM connection - CANNOT resolve a https:\\listenerpage.domain.com site.
Connection via Hot-spot on cell phone - CAN
Connection via a external Verizon Jet-pack newer or older model - CAN
Connection via hard wire/LAN connection within the LAN - CAN

Tested on two different same manufacturer Laptops, Panasonic, and same behavior (success vs unsuccessful HTTPS address resolution) outlined above.

Packet Monitoring shows drop on successful HTTPS resolution attempt but nothing really that can denote why, other than it's not getting a response back it seems. Wireshark shows packets can be no bigger than 1378 when being transmitted, but it's the same when successful using another method to get out to the internet by Verizon. Of course all vendor support says 'not them'.

Any thoughts on what else to look at or consider, or angles to approach, would be greatly appreciated.
I'm looking for someone to help set up a new WatchGuard T15 and a BOVPN to an existing XTM25. I know enough to be dangerous (maybe even that much).

I'd envision to have the person on the phone / remoted into my PC which would be on the LAN side of the T15 and I'd have team viewer connection to a PC on the LAN side of the XTM25 to set up the vpn (you are probably saying there's better ways to do the setup, but that's an indication of what I do and don't know).
Hello Experts,
I have a Cisco ASA 5510, software version 8.4(7). I have IPSEC VPN (Cisco VPN Client) and SSL VPN (Cisco AnyConnect) configured, and I want to configure L2TP VPN on it as well. After reading some articles, I have to use the default tunnel-group named DefaultRAGroup, but after that not only does the newly configured L2TP not work, it also affects the other VPNs: the symptom is that the VPN connects but there is no network connection. Once I remove the DefaultRAGroup, L2TP cannot connect any more and the other VPNs work well again.
Could you advise whether it is possible to have all of the above VPN types configured on one ASA firewall?

thank you
Hi,
I start sshuttle with the following command :
sshuttle --dns -r robinsu@115.120.126.216:6050 10.23.0.0/16 10.2.5.0/24 172.16.0.0/16 10.1.6.1/32 10.31.0.0/19 -v
And it always asks me for two passwords:
1) the user password for the system
2) passphrase

Is there any way to avoid this every time?

Thanks

What are some reasons version history would not work in OneDrive for Business?
I am thinking there is corruption on the OS?
The problem happened when files were being uploaded to OneDrive, and I suspect that because the VPN was accessed shortly after the files were uploaded, the upload of the file got corrupted. The upload of the file did not contain any of the most recent changes.
So my thinking is that OneDrive keeps a copy of a file it could not upload on the local OS.
A proxy that should provide Internet access while on VPN is not working.
My next plan of action is to un-install and re-install Internet Explorer
Any suggestions?

OS: Windows 10
I initiated a Windows Update
Can Fortinet firewalls (50D) be set up to monitor an IPsec VPN connection and switch to another if one is down?
I have set up a VPN tunnel between a Fortigate 140D (running 6.0.3) and a Sonicwall NSA240 (running 5.9.1.7-2o). The tunnel is up and running. The Sonicwall can ping devices in the Fortigate network, but the Fortigate cannot ping anything in the Sonicwall network.

I have the route correctly set on the Fortigate and the logs show that the pings are going out, but nothing is coming back.  I enabled Debug on the Sonicwall and it's not seeing the pings at all.  I've followed a bunch of Forti to Sonic VPN tutorials and guides without any success.

Any suggestions?  (if there's specific screenshots that you'd like to see, let me know)
Hello all,

Does anyone know of a way to bypass OpenVPN's ifconfig-push server setting from the client side? Basically overriding the IP the server wants to set.

... or can link to documentation that clearly states it cannot be done, or a piece of code on the server side that implements said impossibility?

Context: the OpenVPN server pushes IPs using ifconfig-push in client scripts triggered based on the certificate used. I want to either make sure the clients cannot spoof one another or demonstrate they can.

thanks for sharing
I have a Cisco ASA for regular use: internet, VPN, etc. We are moving an application to the cloud and the company sent us another firewall (ASA) just for VPN purposes. I gave them a public and private address for the VPN device. I set this up with the LAN portion of the VPN device connected to the switch, on a switch port that is trunked. The WAN portion is connected to a port on the company ASA. I set up a NAT between the public IP I gave them and the private IP. I then set up an access list a number of different ways. Most notably I opened everything up to see if I could access the VPN ASA but couldn't. Couldn't ping it either. Is there something I'm missing? Do I need to add a global command allowing the same-security traffic, because the internal of the VPN device and the company ASA have the same security level, as does the WAN portion?